From Discovery to Defense – Securing SAP with Onapsis
Key Takeaways
⇨ Mariano Nunez, founder of Onapsis, identified critical vulnerabilities in ERP systems during his early penetration tests, leading to the creation of proactive security solutions aimed at protecting business-critical applications as cloud adoption expanded.
⇨ Organizations must understand that traditional security measures are inadequate in the cloud era, and embedding security into the SAP environment from the outset is essential to mitigate risks associated with sophisticated cyber threats and compliance failures.
⇨ Onapsis leverages industry collaboration and advanced threat intelligence to provide continuous monitoring and real-time vulnerability management, helping organizations securely transition to cloud ERP systems and effectively manage risks in an evolving threat landscape.
Mariano Nunez’s journey from cybersecurity enthusiast to industry leader began with an early fascination that evolved into a mission to secure business-critical applications. His breakthrough came during a penetration test on an SAP system, where he discovered a critical blind spot—ERP systems from major vendors were highly vulnerable yet were largely unprotected. As cloud adoption expanded, so did the attack surface, while organizations remained unprepared to defend against sophisticated threats. In response, Nunez founded Onapsis in 2009 to provide proactive security solutions for ERP environments.
Under his leadership, Onapsis has tracked the evolution of SAP threats, from unpatched vulnerabilities and unsecured configurations to sophisticated attacks that bypass traditional security controls. These threats pose significant financial, operational, and regulatory risks, making SAP security a strategic imperative.
Traditional Security Is Insufficient in the Cloud Era
Security is a crucial yet often overlooked aspect of SAP migrations, especially when transitioning to SAP S/4HANA and RISE with SAP. Not including security at the start of any project can lead to compliance failures, delays, and heightened risks, whereas a proactive strategy enhances protection and accelerates transformation. A common mistake organizations make is relying on traditional security measures like firewalls and segregation of duties, which fail to safeguard the SAP application layer. This leaves them exposed to sophisticated cyber threats, including attackers who exploit unpatched vulnerabilities to take full control of business-critical data and processes. These risks underscore the urgency of embedding security early to maintain a resilient SAP environment.
Explore related questions
While SAP has made significant strides in securing its cloud infrastructure, the responsibility for securing the application layer, data, and user access still lies with customers. This makes a proactive approach to compliance and risk management essential.
One of the biggest challenges in SAP security is the ambiguity around responsibilities, particularly when moving to the cloud. Many organizations assume SAP’s security measures extend to their specific configurations and integrations, creating blind spots during cloud transitions. To address this, SAP provides a detailed shared responsibility model, especially for RISE with SAP, emphasizing the need for customers to secure their applications, custom developments, and integrations. While this has helped clarify responsibilities when moving to offerings like SAP S/4HANA Cloud Private Edition, it is crucial that organizations set up continuous threat monitoring, secure configurations, and real-time risk assessment. Without this ongoing monitoring, misconfigurations and outdated access controls can expose organizations to evolving cyber threats.
Rethinking Security in SAP Cloud Migrations
As organizations transition workloads to the cloud—and especially with the move to cloud ERP and SAP Business Suite—the security paradigm shifts. SAP ensures the security of the underlying cloud infrastructure, covering the network, hypervisor, and operating system layers, often resulting in a more robust security posture than on-premises environments. However, like all other major cloud vendors, SAP is not responsible for securing customers’ data and application layers in the cloud – it must be embedded into an organization’s risk and compliance framework to maintain resilience against evolving cyber threats.
Ensuring security is an inherent part of the SAP environment rather than an afterthought. Nunez emphasizes, “In the cloud, securing SAP applications and data remains the customer’s responsibility. Early cloud adopters often assumed SAP managed all security aspects, leading to overlooked vulnerabilities. Today, SAP has clarified this with a shared responsibility model, defining where SAP’s role ends, and customer obligations begin.”
Onapsis has collaborated with SAP on security research since 2009, focusing on identifying and mitigating critical vulnerabilities in SAP products. As the SAP application cybersecurity solution endorsed by SAP, Onapsis plays a crucial role in protecting enterprise systems from evolving threats. Recently, SAP and Onapsis expanded their partnership to enhance incident preparedness and response for SAP environments. This equips organizations with advanced threat intelligence and proactive defense mechanisms, enabling faster detection, mitigation, and recovery from security incidents.
Building A Non-Negotiable Foundation of Secure SAP Transformations
The cybersecurity threat landscape has expanded significantly, exposing organizations to heightened risks as SAP applications migrate to the cloud. Threat actors are increasingly targeting cloud-based SAP environments, capitalizing on newly emerging vulnerabilities. Data from Onapsis Research Labs reveals a 400% increase in ransomware attacks on SAP systems and data, alongside a 490% surge in discussions on criminal forums regarding SAP exploits. This sharp rise in threat activity underscores the critical need for organizations to adopt a proactive cybersecurity strategy. Implementing continuous monitoring, advanced threat detection, and stringent access controls is imperative to mitigating risks and ensuring the security and resilience of core business applications in an evolving threat environment.
Onapsis was founded to address a critical gap in SAP security, recognizing that traditional cybersecurity tools were insufficient for protecting business-critical applications. Through Onapsis Platform, the company provides end-to-end security for SAP environments, integrating real-time threat intelligence from its dedicated Onapsis Research Labs. This research division continuously monitors emerging cyber risks, ensuring that customers receive proactive, rather than reactive, security measures. By embedding cutting-edge intelligence directly into its platform, Onapsis enables organizations to safeguard their most valuable systems against evolving threats.
Additionally, recognizing how late-stage security gaps—failed audits, misconfigured controls, and security red flags—can derail projects at the executive level, driving up costs and delaying go-lives, Onapsis launched the Secure RISE Accelerator which eliminates these risks by identifying and mitigating vulnerabilities before they impact the business. Backed by real-time threat intelligence from Onapsis Research Labs, this proactive approach prioritizes critical risks, streamlines compliance, and reduces wasted effort. Security becomes an accelerator, not a bottleneck—cutting delays, lowering costs, and strengthening resilience. With flexible financial models, the Secure RISE Accelerator integrates seamlessly into the SAP Activate methodology, ensuring faster, safer, and more cost-effective cloud adoption.
Onapsis enhances SAP cybersecurity not only through its technology but also by fostering industry collaboration via the SAP Defenders Community. Nunez reinforces, “Cybersecurity is about staying ahead of threats, and our research labs make that possible. We work with SAP and other vendors to uncover and mitigate zero-day vulnerabilities, having discovered and mitigated over 1,000 critical issues to date. Our threat intelligence provides real-time visibility into attacker tactics, helping customers strengthen defenses before an attack occurs. Beyond technology, our SAP Defenders Community fosters collaboration among the world’s largest SAP customers—sharing intelligence, best practices, and mitigation strategies. In cybersecurity, it is not about competition; it is about collective defense.”
Providing Specialized Expertise through Innovative Partnerships
Recognizing that security is not just a technological challenge but also one of expertise and process optimization, Onapsis works alongside certified partners including many of the world’s leading system integrators to bridge the gap between traditional information security teams and SAP administrators. This alignment is particularly critical during transformation projects, where multiple stakeholders must work together to implement effective and sustainable security controls.
Under the leadership of Nunez, the company has demonstrated that integrating security early in digital transformation initiatives not only reduces risk but accelerates project timelines and optimizes costs. For instance, a global retailer with $6 billion in annual revenue leveraged Onapsis to embed security controls into their ERP migration strategy from the outset, allowing them to complete the transition six months ahead of schedule and under budget. In another case, a chemical manufacturer detected a long-standing insider threat—an ex-developer illicitly accessing financial reports for stock trading advantages—only after deploying Onapsis’ advanced monitoring capabilities years later. These examples underscore Onapsis’ role in redefining cybersecurity beyond conventional defense mechanisms, enabling enterprises to enhance agility, maintain compliance, and safeguard their most critical assets in an evolving threat landscape.
Nunez emphasizes, “As cloud and AI adoption accelerate, organizations must recognize that cybersecurity is not inherently “baked in” but requires a proactive strategy. Security teams must go beyond default cloud protections, ensuring comprehensive risk management, compliance, and governance frameworks are in place to safeguard SAP environments effectively.”
Securing the Future
Cloud adoption remains a dominant force shaping the client landscape, with nearly every ERP user considering a cloud migration. While cloud solutions continue to drive transformation, security concerns remain a primary obstacle, particularly for large enterprises moving their ERP systems to the cloud. AI is also gaining traction, with organizations increasingly focused on leveraging it securely and ensuring critical data is not compromised. The challenge lies in balancing AI innovation with strong security measures, making confidence in AI-driven processes a key priority for businesses. For CIOs, CTOs, and IT leaders, this means ensuring proper configuration of SAP applications, secure integrations across the ecosystem, protection of custom code against vulnerabilities, and continuous SAP application threat monitoring.
Onapsis is at the forefront of this transformation, eliminating security barriers and enabling enterprises to embrace cloud and AI with confidence with security solutions designed specifically for SAP applications. By offering real-time vulnerability management, automated compliance reporting, and advanced threat intelligence, Onapsis empowers organizations to move beyond reactive security measures and secure integrations across their environments. Whether migrating to the cloud, integrating AI-driven processes, or enhancing system resilience, Onapsis ensures that SAP environments remain protected from sophisticated cyber threats—allowing organizations to adopt SAP innovations faster without compromising security or trust.
